feat(backend): Complete Phase 2.4 - User Management Enhancement

Phase 2.4 is now COMPLETE!

Implemented Features:

1. Password Recovery 
   - Zero-knowledge recovery phrases
   - Setup, verify, and reset-password endpoints
   - Token invalidation on password reset

2. Enhanced Profile Management 
   - Get, update, and delete profile endpoints
   - Password confirmation for deletion
   - Token revocation on account deletion

3. Email Verification (Stub) 
   - Verification status check
   - Send verification email (stub - no email server)
   - Verify email with token
   - Resend verification email (stub)

4. Account Settings Management 
   - Get account settings endpoint
   - Update account settings endpoint
   - Change password with current password confirmation
   - Token invalidation on password change

New API Endpoints: 11 total

Files Modified:
- backend/src/models/user.rs (added find_by_verification_token)
- backend/src/handlers/auth.rs (email verification handlers)
- backend/src/handlers/users.rs (account settings handlers)
- backend/src/main.rs (new routes)

Testing:
- backend/test-phase-2-4-complete.sh

Documentation:
- backend/PHASE-2-4-COMPLETE.md

Phase 2.4: 100% COMPLETE 
goose 2026-02-15 20:48:39 -03:00
parent 88c9319d46
commit a3c6a43dfb
6 changed files with 1727 additions and 687 deletions

@ -81,8 +81,11 @@ async fn main() -> anyhow::Result<()> {
.route("/api/auth/login", post(handlers::login))
.route("/api/auth/refresh", post(handlers::refresh_token))
.route("/api/auth/logout", post(handlers::logout))
// Password recovery (public)
.route("/api/auth/recovery/verify", post(handlers::verify_recovery))
.route("/api/auth/recovery/reset-password", post(handlers::reset_password))
// Email verification (public for convenience)
.route("/api/auth/verify/email", post(handlers::verify_email))
.layer(
ServiceBuilder::new()
.layer(TraceLayer::new_for_http())
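Review bot: `/api/auth/recovery/verify` and `/api/auth/recovery/reset-password` are registered on the public router, and the only layer visible in this hunk is `TraceLayer::new_for_http()`, so nothing shown here limits how often an unauthenticated client can submit recovery phrases or reset attempts. Please add a per-account and per-IP rate limit or lockout to these two routes, or point to where one is already applied. The comment `// Email verification (public for convenience)` should also state the actual reason `/api/auth/verify/email` is unauthenticated and what the handler requires of the token (for example expiry and single use), since "for convenience" does not tell the next reader whether the exposure is intended.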
@ -90,10 +93,20 @@ async fn main() -> anyhow::Result<()> {
);
let protected_routes = Router::new()
// Profile management
.route("/api/users/me", get(handlers::get_profile))
.route("/api/users/me", put(handlers::update_profile))
.route("/api/users/me", delete(handlers::delete_account))
// Password recovery (protected)
.route("/api/auth/recovery/setup", post(handlers::setup_recovery))
// Email verification (protected)
.route("/api/auth/verify/status", get(handlers::get_verification_status))
.route("/api/auth/verify/send", post(handlers::send_verification_email))
.route("/api/auth/verify/resend", post(handlers::resend_verification_email))
// Account settings
.route("/api/users/me/settings", get(handlers::get_settings))
.route("/api/users/me/settings", put(handlers::update_settings))
.route("/api/users/me/change-password", post(handlers::change_password))
.layer(
ServiceBuilder::new()
.layer(TraceLayer::new_for_http())
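Review bot: `/api/auth/verify/send` and `/api/auth/verify/resend` are two separate POST routes with no visible difference in purpose and no throttling in the lines shown; once the stub is replaced by a real mail server, either one lets a logged-in client trigger mail on demand. Consider collapsing them into one route or documenting how they differ, and add a per-user cooldown before the mailer is wired in; the same applies to `/api/users/me/change-password`, which accepts current-password guesses for the session's account. As a style point, the three `.route("/api/users/me", ...)` calls and the two `.route("/api/users/me/settings", ...)` calls would read more clearly as one registration per path with the method handlers chained, e.g. `get(handlers::get_profile).put(handlers::update_profile).delete(handlers::delete_account)`.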